From: "Keith Ivey" <[EMAIL PROTECTED]>
> Loren Wilton wrote:
>
> > FWIW, I've been running that rule [checking for middle initial in
> > "From"] since before it was mentioned on the list, and it is still
> > moderately useful. It does hit ham, but at one point or however I
> > have it scored tha
From: "Keith Ivey" <[EMAIL PROTECTED]>
> Note also that the fact that wildcards allow more than one additional
> level is useful too. You can't stop people from adding "www." to
> everything (hell, too many of them want to add it to their e-mail
> addresses), so it's good to have www.atrios.bl
>...
>
>List Mail User wrote:
>
>> Also, just curious, but do you have problems with the forward
>> and reverse DNS of your mail servers not mapping together (ex.
>> mail.dailykos.com
>> maps to 69.9.164.210, but the reverse of 69.9.164.210 is faye.voxel.net - in
>> particular do you have problems
>...
>
>Quoting List Mail User <[EMAIL PROTECTED]>:
>
>> maps to 69.9.164.210, but the reverse of 69.9.164.210 is faye.voxel.net - in
>> particular do you have problems with ISPs like AOL?). Also, I'm not sure
>> if my own servers would accept mail from a host like that - It would depend
>> on the
>...
>
>Loren Wilton wrote:
>
>> FWIW, I've been running that rule [checking for middle initial in
>> "From"] since before it was mentioned on the list, and it is still
>> moderately useful. It does hit ham, but at one point or however I
>> have it scored that isn't significant. On the other hand
>...
>
>Just to clarify, since Paul seems to have misunderstood, I have nothing
>to do with administering slashdot.org or any of the other domains I
>listed. Those were just examples. I'm not connected with them, and
>they mostly have nothing to do with each other as well. And I don't
>think
Quoting Keith Ivey <[EMAIL PROTECTED]>:
Sorry if I seem overly combative. I tend to react negatively when
people propose rules that mark me as a spammer.
I just wanted to remind everyone that the original method this thread
was about had nothing to do with marking a wildcard as being spam.
>...
>
>> This rule seems nearly as bad an idea as the one someone suggested a
>> while back that would penalize everyone who uses a middle initial in
>> their "From:" line.
>
>FWIW, I've been running that rule since before it was mentioned on the list,
>and it is still moderately useful. It does
List Mail User wrote:
Also, just curious, but do you have problems with the forward
and reverse DNS of your mail servers not mapping together (ex. mail.dailykos.com
maps to 69.9.164.210, but the reverse of 69.9.164.210 is faye.voxel.net - in
particular do you have problems with ISPs like AOL?).
Quoting List Mail User <[EMAIL PROTECTED]>:
maps to 69.9.164.210, but the reverse of 69.9.164.210 is faye.voxel.net - in
particular do you have problems with ISPs like AOL?). Also, I'm not sure
if my own servers would accept mail from a host like that - It would depend
on the HELO/EHLO argument
Loren Wilton wrote:
FWIW, I've been running that rule [checking for middle initial in
"From"] since before it was mentioned on the list, and it is still
moderately useful. It does hit ham, but at one point or however I
have it scored that isn't significant. On the other hand, that point
has mo
Just to clarify, since Paul seems to have misunderstood, I have nothing
to do with administering slashdot.org or any of the other domains I
listed. Those were just examples. I'm not connected with them, and
they mostly have nothing to do with each other as well. And I don't
think you're goin
> Is there an SA rule to detect URIs that have ridiculously large
> numbers of subdomain levels? If not, perhaps it could be useful
> (perhaps even more useful than wildcard DNS). Note that it may
> not be feasible to resolve domains found in message body URIs
> to even detect wildcards.
There m
> This rule seems nearly as bad an idea as the one someone suggested a
> while back that would penalize everyone who uses a middle initial in
> their "From:" line.
FWIW, I've been running that rule since before it was mentioned on the list,
and it is still moderately useful. It does hit ham, but
Jeff Chan wrote:
Is there an SA rule to detect URIs that have ridiculously large
numbers of subdomain levels? If not, perhaps it could be useful
(perhaps even more useful than wildcard DNS). Note that it may
not be feasible to resolve domains found in message body URIs
to even detect wildcards.
On Tuesday, May 24, 2005, 2:19:47 AM, List User wrote:
> Jdow's point about very long chains of subdomains is real - It is too bad
> that there is not a common syntax for "allow anything 1 or N levels deep",
> just the "allow anything" case.
Is there an SA rule to detect URIs that have ridiculousl
At 02:20 24-5-2005, you wrote:
A similar idea, without the "back-channel" flaw is to test the
domain for either 'CNAME' or 'A' record `wildcards' (as in the command
"dig '*.spammer_domain.tld' a" and "dig '*.spammer_domain.tld' cname").
This is an excellent spam sign (the host portion of
It looks like my suggested test actually is finding physical sites
which tend to use large numbers of virtually hosted domains on web servers.
Spammers are merely a subset of this group - but the set I look at the most.
Jdow's point about very long chains of subdomains is real - It is too
On Monday, May 23, 2005, 4:59:14 PM, Justin Mason wrote:
> We did actually have an "A of domain name" test during 3.0.0 development,
> I think, but dropped it for various reasons:
> - - if a spammer were to use a hostname like
> "jm_at_jmason_dot_org.spamdomain.com", they get a free backchannel
On Monday, May 23, 2005, 5:20:10 PM, List User wrote:
> A similar idea, without the "back-channel" flaw is to test the
> domain for either 'CNAME' or 'A' record `wildcards' (as in the command
> "dig '*.spammer_domain.tld' a" and "dig '*.spammer_domain.tld' cname").
> This is an excellent sp
>...
>
>From: "Keith Ivey" <[EMAIL PROTECTED]>
>
>> List Mail User wrote:
>>
>> > Legitimate domains will use wildcards for 'NS', 'MX' and even
>> > occasionally for some more obscure records, but an 'A' or 'CNAME'
>> > record is nearly always a spammer.
>>
>> Do you have any statistics for that?
>...
>
>List Mail User wrote:
>
>> Legitimate domains will use wildcards for 'NS', 'MX' and even
>> occasionally for some more obscure records, but an 'A' or 'CNAME'
>> record is nearly always a spammer.
>
>Do you have any statistics for that? I administer plenty of domains
>that have wildcard A
Quoting Keith Ivey <[EMAIL PROTECTED]>:
List Mail User wrote:
Legitimate domains will use wildcards for 'NS', 'MX' and even
occasionally for some more obscure records, but an 'A' or 'CNAME'
record is nearly always a spammer.
Do you have any statistics for that? I administer plenty of domain
Quoting List Mail User <[EMAIL PROTECTED]>:
Looks like I slightly overestimated. I just checked the last
40 spams I received. After ignoring 419s, stock pumps and phishing I
found 14 without wildcards and 21 with - exactly 60% (only one had a
'CNAME' wildcard, the rest were all 'A' re
jdow wrote:
One must wonder at their motivations for allowing things like
wassyup.metazeek.spindrift.metafilter.com. Is there a good one?
I'm not sure about metafilter.com. It could just be that Matt Haughey
doesn't want to mess with his DNS whenever he wants to set up a new
subdomain, like
On Mon, May 23, 2005 at 08:26:45PM -0700, jdow wrote:
> One must wonder at their motivations for allowing things like
> wassyup.metazeek.spindrift.metafilter.com. Is there a good one?
It's good when you have a single setup serving all your websites,
for instance. I do this for all of my domains (
From: "Keith Ivey" <[EMAIL PROTECTED]>
> List Mail User wrote:
>
> > Legitimate domains will use wildcards for 'NS', 'MX' and even
> > occasionally for some more obscure records, but an 'A' or 'CNAME'
> > record is nearly always a spammer.
>
> Do you have any statistics for that? I administer p
From: <[EMAIL PROTECTED]>
> Quoting Justin Mason <[EMAIL PROTECTED]>:
>
> >> A similar idea, without the "back-channel" flaw is to test the
> >> domain for either 'CNAME' or 'A' record `wildcards' (as in the command
> >> "dig '*.spammer_domain.tld' a" and "dig '*.spammer_domain.tld' cname").
> >>
List Mail User wrote:
Legitimate domains will use wildcards for 'NS', 'MX' and even
occasionally for some more obscure records, but an 'A' or 'CNAME'
record is nearly always a spammer.
Do you have any statistics for that? I administer plenty of domains
that have wildcard A records, and I'm n
>> >...
>>
>> A similar idea, without the "back-channel" flaw is to test the
>> domain for either 'CNAME' or 'A' record `wildcards' (as in the command
>> "dig '*.spammer_domain.tld' a" and "dig '*.spammer_domain.tld' cname").
>> This is an excellent spam sign (the host portion of the name is
Quoting Justin Mason <[EMAIL PROTECTED]>:
A similar idea, without the "back-channel" flaw is to test the
domain for either 'CNAME' or 'A' record `wildcards' (as in the command
"dig '*.spammer_domain.tld' a" and "dig '*.spammer_domain.tld' cname").
This is an excellent spam sign (the host
jdow writes:
> From: "Justin Mason" <[EMAIL PROTECTED]>
>
> > - - if a spammer were to use a hostname like
> > "jm_at_jmason_dot_org.spamdomain.com", they get a free backchannel to
> > verify that I was (a) using SpamAssassin to filter to my mail
List Mail User writes:
> >Theo Van Dinter writes:
> >> On Mon, May 23, 2005 at 06:45:12PM -0500, [EMAIL PROTECTED] wrote:
> >> > Here's the algorithm:
> >> >
> >> > 1 Decode any URL-encoding in the message
> >> > 2 Un-MIME the message
> >>
> >
From: "Justin Mason" <[EMAIL PROTECTED]>
> - - if a spammer were to use a hostname like
> "jm_at_jmason_dot_org.spamdomain.com", they get a free backchannel to
> verify that I was (a) using SpamAssassin to filter to my mail, and (b)
> that that address is valid. So blindly resolving the ful
>...
>
>Theo Van Dinter writes:
>> On Mon, May 23, 2005 at 06:45:12PM -0500, [EMAIL PROTECTED] wrote:
>> > Here's the algorithm:
>> >
>> > 1 Decode any URL-encoding in the message
>> > 2 Un-MIME the message
>>
>> Wrong order?
>>
>> > 3
Theo Van Dinter writes:
> On Mon, May 23, 2005 at 06:45:12PM -0500, [EMAIL PROTECTED] wrote:
> > Here's the algorithm:
> >
> > 1 Decode any URL-encoding in the message
> > 2 Un-MIME the message
>
> Wrong order?
>
> > 3 Scan all parts of th
On Mon, May 23, 2005 at 06:45:12PM -0500, [EMAIL PROTECTED] wrote:
> Here's the algorithm:
>
> 1 Decode any URL-encoding in the message
> 2 Un-MIME the message
Wrong order?
> 3 Scan all parts of the message for URLs and email addresses (this can be
> links, IMG tags, mailto:'s, or even
37 matches